When you login you will get a ‘PasswordExpired’ login failure if the password has expired and must be changed.
If you have written a simple trading widget then the simple way to deal with this is to login to the regular frontend, let it force you to change the password, then login your widget using the new password that you entered. This approach requires NO code changes. Obviously this is the recommended approach where possible.
To have the API change the password on login you must use the new overload of the Host constructor that allows specifying the psNewPassword parameter. This will attempt to login as per normal and will change the password to the new password you specified. If you get login success then the password has changed and you are now logged in and good to go. If you get login failed then there are additional failure reasons of:
- PasswordChangeFailed – this means that the new password was not valid, e.g. it does not meet complexity requirements.
- PasswordAlreadyUsed – this means that you have already used this password within the last x days specified by the firm and need to select a different password.
There are a few utility methods to help deal with the password complexity stuff, on the Host object (even if login fails) you have access to the following methods:
- CheckPasswordComplexity(psNewPassword) – this will return “” if the password meets the complexity requirements for the firm, or return a short string describing the reason why not.
- GetPasswordComplexityDescription – this returns an xml document that contains the password rules for that specific firm. This is intended to be able to be formatted and displayed to a user if needed.
Logging in additional users in the same session
Changing Password once logged in